Pages

Friday, 13 July 2012

Phishing attacks on Indian businesses grow by 187%

CHENNAI: The number of phishing attacks on Indian companies and brands have seen a sharp increase recently. According to Symantec, in May 2012, it was observed that a whopping 187% rise over the previous month in phishing attacks on Indian brands, all of which were in the banking sector. While these attacks originated around the world, Hyderabad hosted the second highest number of phishing attacks on Indian brands.

Hyderabad also topped the list of cities for May that hosted phishing sites in India of non-Indian brands followed by Nashik, New Delhi and Bangalore in the 3rd and 4th place respectively. Hyderabad was at 7th place in April and Thanjavur has been featured in this list for the first time.

India is not only positioned higher than the global average as a target for spammers but is also the top source of spam globally.

The Symantec report also observed that globally the Defense industry has been the targeted industry of choice in the first half of the year, with an average of 7.3 attacks per day.

According to Computer Emergency Response Team India (CERT-In), some hacker groups launched Distributed Denial of Service attacks on websites of Government and private organizations in India. The attacks are being launched through popular DDoS tools.

Intellectual property intensive industries such as chemical/pharmaceutical and manufacturing are the top industries that experienced targeted attacks. Given the potential for monetary gain from compromised corporate intellectual property (IP), cyber criminals aim to collect intellectual property such as design documents, formulas, and manufacturing processes. The attackers first research desired targets and then send an email specifically to the target. The purpose of the attacks appears to be industrial espionage for competitive advantage.

Nitro attack which focused on chemical sector and Stuxnet which attacked industrial systems inside a nuclear reactor are two high profile examples. Not only were they designed to precisely attack only specific industrial systems, they also had monitoring modules which sent information about these systems back to attackers. It is worth noting that India was home to the third highest Stuxnet infections.